Commit Graph

100 Commits

Author SHA1 Message Date
ngie
26683565eb Conditionalize wrap(3) use based on MK_TCP_WRAPPERS instead of
always building support into rpcbind.

MFC after:	2 weeks
2017-01-06 04:13:08 +00:00
asomers
7973595fe1 Fix usr.sbin/rpcbind ATF tests on 32-bit platforms
usr.sbin/rpcbind/tests/addrmerge_test.c
	Fix some sizeof calculations that work only by luck on 64-bit
	platforms.

PR:		210314
Reviewed by:	ngie
Approved by:	re (kib)
Reported by:	Mark Millard
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6855
2016-06-16 15:25:37 +00:00
pfg
1262eaf8ad rpcbind(8): Make use of some xdr_* macros.
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older
versions of FreeBSD but fixed in r296394.  Give them some use
hoping they help make the code somewhat more readable.
2016-06-09 22:25:00 +00:00
ngie
bc20c2f0f0 Bounds check rpcbs_rmtcall(..) to ensure rtype is less than RPCBVERS_STAT
Not returning if rtype == RPCBVERS_STAT will cause us to overrun the inf array, as
it's defined to be exactly RPCBVERS_STAT elements in rpcb_prot.x:

> include/rpc/rpcb_prot.x:typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT];

The proposed change also matches the rest of the rtype upper bound checks in the
file, so the original change was likely a typo.

MFC after: 2 weeks
Reported by: Coverity
CID: 1007567
Reviewed by: truckman
Sponsored by: EMC / Isilon Storage Division
2016-06-08 12:45:22 +00:00
ngie
84bc11e566 Follow up to r300932
In the event MK_INET6 != no in userspace, but is disabled in the
kernel, or if there aren't any IPv6 addresses configured in userspace
(for lo0 and all physical interfaces), rpcbind would terminate
immediately instead of silently failing on

Skip over the IPv6 block to its respective cleanup with freeifaddrs if
creating the socket failed instead of terminating rpcbind immediately

MFC after: 6 days
X-MFC with: r300932
Reported by: O. Hartmann <ohartman@zedat.fu-berlin.de>
Sponsored by: EMC / Isilon Storage Division
2016-05-29 20:28:01 +00:00
markj
1ae96dc8db Fix rpcbind init after r300941.
- getaddrinfo() sets res = NULL on failure and freeaddrinfo() always
  dereferences its argument, so we should only free the address list after
  a successful call.
- Address a second potential leak caused by getaddrinfo(AF_INET6)
  overwriting the address list returned by getaddrinfo(AF_INET).

X-MFC-With:	r300941
2016-05-29 19:46:34 +00:00
ngie
261014d97d Staticize variables only used in rpcbind.c
This is some low hanging fruit necessary for making this WARNS?= 6 clean

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-05-29 07:01:12 +00:00
ngie
9cd463f0ff Remove unnecessary caller_uaddr != NULL test before calling free on it
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-05-29 06:29:22 +00:00
ngie
acc0b5542a Remove a useless if (x != NULL) check before calling free on allocated_uaddr
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-05-29 06:01:18 +00:00
ngie
3a9c6c760d Don't leak res in network_init(..)
Call freeaddrinfo on it after it's been used

MFC after: 1 week
Reported by: Coverity
CID: 1225050
Sponsored by: EMC / Isilon Storage Division
2016-05-29 05:55:21 +00:00
ngie
bee3d2d308 Plug leak with ifp by calling freeifaddrs after calling getifaddrs
MFC after: 1 week
Obtained from: NetBSD v1.18
Sponsored by: EMC / Isilon Storage Division
2016-05-29 04:02:02 +00:00
ngie
2fd21198ee Catch malloc(3) errors and socket(2) errors
- malloc failing will result in a delayed segfault
- socket failing will result in delayed failures with setsockopt

Exit in the event that either of these high-level conditions are met.

Reported by: Coverity
CID: 976288, 976321, 976858
Sponsored by: EMC / Isilon Storage Division
2016-05-29 03:42:50 +00:00
ngie
f766e8e67e Only expose hint_uaddr in the ND_DEBUG case
This fixes a -Wunused-but-set-variable warning with gcc

MFC after: 1 week
Reported by: gcc 5
Sponsored by: EMC / Isilon Storage Division
2016-05-27 19:30:13 +00:00
ngie
92100036c8 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
pfg
fb39a70cdf rpcbind: use our roundup() macro when available through <sys/param.h>.
No functional change.
2016-05-02 02:15:05 +00:00
gjb
1c7e318a9a MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
bdrewery
aab40fdc3d DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
gjb
a6998ad84f First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
asomers
5d4b291b54 Fix Coverity warnings regarding r293229
rpcbind/check_bound.c
	Fix CID1347798, a memory leak in mergeaddr.

rpcbind/tests/addrmerge_test.c
	Fix CID1347800 through CID1347803, memory leaks in ATF tests.  They
	are harmless because each ATF test case runs in its own process, but
	they are trivial to fix.  Fix a few other leaks that Coverity didn't
	detect, too.

Coverity CID:	1347798, 1347800, 1347801, 1347802, 1347803
MFC after:	2 weeks
X-MFC-With:	293229
Sponsored by:	Spectra Logic Corp
2016-01-13 17:33:50 +00:00
asomers
a6cc4bb03b "source routing" in rpcbind
Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on
two separate subnets, and a client on the first subnet contacted rpcbind at
the address on the second subnet, rpcbind would advertise addresses on the
first subnet. This is a bug, because it should prefer to advertise the
address where it was contacted. The requested service might be firewalled
off from the address on the first subnet, for example.

usr.sbin/rpcbind/check_bound.c
	If the address on which a request was received is known, pass that
	to addrmerge as the clnt_uaddr parameter. That is what addrmerge's
	comment indicates the parameter is supposed to mean. The previous
	behavior is that clnt_uaddr would contain the address from which the
	client sent the request.

usr.sbin/rpcbind/util.c
	Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr,
	if one is found. Refactor the relevant portion of the function for
	clarity, and to reduce the number of ifdefs.

etc/mtree/BSD.tests.dist
usr.sbin/rpcbind/tests/Makefile
usr.sbin/rpcbind/tests/addrmerge_test.c
	Add unit tests for usr.sbin/rpcbind/util.c:addrmerge.

usr.sbin/rpcbind/check_bound.c
usr.sbin/rpcbind/rpcbind.h
usr.sbin/rpcbind/util.c
	Constify some function arguments

Reviewed by:	imp
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D4690
2016-01-06 00:00:11 +00:00
hrs
a9bfaebd85 Reallocate a maxlen-long buffer only when the current maxlen is
shorter than the required length.  Note that it rarely happens
because maxlen is almost always 128 which covers struct sockaddr_storage.
2015-10-06 08:43:48 +00:00
delphij
5f0779b2e8 Fix a regression with SA-15:24 patch that prevented NIS from
working.
2015-10-02 16:35:41 +00:00
delphij
88cb9496ec The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address.  The
structure is expected to be opaque to consumers.  In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.

In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer.  When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.

Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.

Security:	FreeBSD-SA-15:24.rpcbind
Security:	CVE-2015-7236
2015-09-29 18:05:54 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
bapt
a191ba5195 Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
bapt
87a929d82d rpcbind does not need to be linked to libutil 2014-11-06 10:07:26 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
ed3fc70bf5 Merge from head 2014-05-08 23:54:15 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
mav
1e800dd8ab Disable libwrap (TCP wrappers) support in rpcbind by default, introducing
new command line options -W, to enable it when needed.

On my tests this change by almost ten times improves rpcbind performance.

No objections:	many, net@
2014-03-06 17:33:27 +00:00
hrs
facbca4be1 Replace Sun RPC license with a 3-clause BSD license, with the explicit
permission of Sun Microsystems in 2009.
2013-11-25 16:44:02 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
obrien
3028e3f8ab Sync with HEAD. 2013-02-08 16:10:16 +00:00
kevlo
804c67a486 Fix socket calls on error post-r243965.
Submitted by:	Garrett Cooper
2012-12-21 15:54:13 +00:00
hrs
456b7a9341 Fill sin6_scope_id in sockaddr_in6 before passing it from the kernel to
userland via routing socket or sysctl.  This eliminates the following
KAME-specific sin6_scope_id handling routine from each userland utility:

 sin6.sin6_scope_id = ntohs(*(u_int16_t *)&sin6.sin6_addr.s6_addr[2]);

This behavior can be controlled by net.inet6.ip6.deembed_scopeid.  This is
set to 1 by default (sin6_scope_id will be filled in the kernel).

Reviewed by:	bz
2012-11-17 20:19:00 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
uqs
415a3a9b96 Spelling fixes for usr.sbin/ 2011-12-30 10:58:14 +00:00
delphij
0897764456 Use prototype. While I'm there, add a pair of parenthesis to mark an if
statment's border.

MFC after:	1 month
2011-07-14 07:28:49 +00:00
brucec
6d9b42b486 Fix typos - remove duplicate "the".
PR:	bin/154928
Submitted by:	Eitan Adler <lists at eitanadler.com>
MFC after: 	3 days
2011-02-21 09:01:34 +00:00
imp
fc770dc08c Revert bogus change that snuck into r203972. 2010-02-17 06:11:05 +00:00
imp
79251c9c52 The NetBSD Foundation has given permission to remove clause 3 and 4
from their liceense.

Obtained from:	NetBSD
2010-02-16 21:47:05 +00:00
imp
4aa0a8fc65 When you have multiple addresses on the same network on different
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list.  This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).

The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address.  This
turns out not to be the case.  To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case.  My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.

Hence, this change will have no effect when you are running rpcbind
without -h.

Reviewed by:	alfred@
Sponsored by:	iX Systems
MFC after:	2 weeks
2010-02-09 18:10:56 +00:00
imp
a1d856c695 Initialize fromlen before calling recvfrom to avoid passing in random
stack garbage.

Obtained from:	NetBSD 1.13
2010-02-07 07:50:41 +00:00
ed
073cafdd42 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00